Describe General Security and Network Security Features Flashcards
____________ is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises.
Azure Security Center
The Azure product that can:
- Provide security recommendations based on your current config, resources, & networks
- Detect & block malware
- Analyze & identify potential attacks
- Just-in-time access control for ports
Azure Security Center
____________ refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.
security posture
Azure Security Center capabilities include 4 main components. Name the 4.
- Policy compliance
- Continuous assessments
- Tailored recommendations
- Threat protection
____________ is a measurement of an organization’s security posture and is based on security controls, or groups of related security recommendations. It is based on the percentage of security controls that you satisfy. The more security controls you satisfy, the higher the rating you receive. It improves when you remediate all of the recommendations for a single resource within a control.
____________ access blocks traffic by default to specific network ports of VMs, but allows traffic for a specified time when an admin requests and approves it.
Just-in-time VM access
A company can control which applications are allowed to run on its VMs. In the background, Security Center uses machine learning to look at the processes running on a VM. It creates exception rules for each resource group that holds the VMs and provides recommendations. This process provides alerts that inform the company about unauthorized applications that are running on its VMs. What is this threat protection called?
Adaptive application controls
Security Center can monitor the internet traffic patterns of the VMs, and compare those patterns with the company’s current network security group (NSG) settings. From there, Security Center can make recommendations about whether the NSGs should be locked down further and provide remediation steps. This threat protection capability is called __________________.
Adaptive network hardening
__________ allows a company to configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack.
File integrity monitoring
___________ uses Azure Logic Apps and Security Center connectors, which are triggered by a threat detection alert or by a Security Center recommendation, filtered by name or by severity. You can then configure the logic app to run an action, such as sending an email, or posting a message to a Microsoft Teams channel. This allows you to investigate or remediate alerts.
Workflow automation
Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system. A SIEM system aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response.
___________ is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.
_____________ enables you to:
- Collect cloud data at scale: Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
- Detect previously undetected threats: Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.
- Investigate threats with artificial intelligence: Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
- Respond to incidents rapidly: Use built-in orchestration and automation of common tasks.
Azure Sentinel
Which threat detection product includes connectors / integrations for these products?
- Office 365
- Azure Active Directory
- Azure Advanced Threat Protection
- Microsoft Cloud App Security
Azure Sentinel
When a company builds its workloads in the cloud, it needs to carefully handle sensitive information such as passwords, encryption keys, and certificates. This information needs to be available for an application to function, but it might allow an unauthorized person access to application data. _________ is a centralized cloud service for storing an application’s secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.
What product are these 5 benefits attributed to?
- Centralized application secrets: Centralizing the storage for your application secrets enables you to control their distribution, and reduces the chances that secrets are accidentally leaked.
- Securely stored secrets and keys: Azure uses industry-standard algorithms, key lengths, and HSMs. Access to Key Vault requires proper authentication and authorization.
- Access monitoring and access control: By using Key Vault, you can monitor and control access to your application secrets.
- Simplified administration of application secrets: Key Vault makes it easier to enroll and renew certificates from public certificate authorities (CAs). You can also scale up and replicate content within regions and use standard certificate management tools.
- Integration with other Azure services: You can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services. These services can then securely reference the secrets stored in Key Vault.
Azure Key Vault
A _________ gives you access to free resources. Your personal subscription will not be charged. It may only be used to complete training on Microsoft Learn. Use for any other reason is prohibited, and may result in permanent loss of access to it.
Some organizations must follow regulatory compliance that requires them to be the only customer using the physical machine that hosts their virtual machines. ___________ provides physical servers to host your Azure VMs for Windows and Linux.
True or false: A dedicated host is mapped to a physical server in an Azure datacenter. A host group is a collection of dedicated hosts.
True
These are benefits of what product?
- Gives you visibility into, and control over, the server infrastructure that’s running your Azure VMs.
- Helps address compliance requirements by deploying your workloads on an isolated server.
- Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.
Azure Dedicated Host
To provide the best availability with the Azure Dedicated Host product, you can provision multiple hosts in a ________ and deploy your VMs across it.
host group
VMs on dedicated hosts can also take advantage of ______________. This feature enables you to control when regular maintenance updates occur, within a 35-day rolling window.
maintenance control
Referring to the attached image, how can Tailwind Traders enforce having only certain applications run on its VMs?
- Connect your VMs to Azure Sentinel.
- Create an application control rule in Azure Security Center.
- Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn’t be running.
Create an application control rule in Azure Security Center.
With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.
Referring to the attached image, what’s the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on?
- Collect security data in Azure Sentinel.
- Build a custom tool that collects security data, and displays a report through a web application.
- Look through each security log daily and email a summary to your team.
Collect security data in Azure Sentinel.
Azure Sentinel is Microsoft’s cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.
Referring to the attached image, which is the best way for Tailwind Traders to safely store its certificates so that they’re accessible to cloud VMs?
- Place the certificates on a network share.
- Store them on a VM that’s protected by a password.
- Store the certificates in Azure Key Vault.
Store the certificates in Azure Key Vault.
Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs).
Referring to the attached image, how can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers?
- Configure the network to ensure that VMs on the same physical host are isolated.
- This is not possible. These workloads need to be run on-premises.
- Run the VMs on Azure Dedicated Host.
Run the VMs on Azure Dedicated Host.
Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.
The objective of __________ is to protect information and prevent it from being stolen by those who aren’t authorized to access it. This strategy uses a series of mechanisms to slow the advance of an attack that aims to gain unauthorized access to data, leveraging multiple levels of protection so that each layer is isolated from the next.
defense in depth
Identify the 7 layers of the defense in depth strategy.
- The physical security layer is the first line of defense to protect computing hardware in the datacenter.
- The identity and access layer controls access to infrastructure and change control.
- The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
- The network layer limits communication between resources through segmentation and access controls.
- The compute layer secures access to virtual machines.
- The application layer helps ensure that applications are secure and free of security vulnerabilities.
- The data layer controls access to business and customer data that you need to protect.
The _________ layer is the first line of defense to protect computing hardware in the datacenter. The intent is to provide physical safeguards against access to assets. These safeguards ensure that other layers can’t be bypassed, and loss or theft is handled appropriately.
- The physical security layer is the first line of defense to protect computing hardware in the datacenter.
The ________ layer controls access to infrastructure and change control. At this layer, it’s important to:
- Control access to infrastructure and change control.
- Use single sign-on (SSO) and multifactor authentication.
- Audit events and changes.
- The identity and access layer controls access to infrastructure and change control. This layer is all about ensuring that identities are secure, access is granted only to what’s needed, and sign-in events and changes are logged.
The __________ layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users. At this layer, it’s important to:
- Use DDoS protection to filter large-scale attacks before they can affect the availability of a system for users.
- Use firewalls to identify and alert on malicious attacks against your network.
- The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
The __________ layer limits communication between resources through segmentation and access controls. At this layer, it’s important to:
- Limit communication between resources.
- Deny by default.
- Restrict inbound internet access and limit outbound access where appropriate.
- Implement secure connectivity to on-premises networks.
At this layer, the focus is on limiting the connectivity across all your resources to allow only what’s required. By limiting this communication, you reduce the risk of an attack spreading to other systems.
- The network layer limits communication between resources through segmentation and access controls.
The ______ layer secures access to virtual machines. At this layer, it’s important to:
- Secure access to virtual machines.
- Implement endpoint protection on devices and keep systems patched and current.
Malware, unpatched systems, and improperly secured systems open your environment to attacks. The focus in this layer is on making sure that your resources are secure and that you have the proper controls in place to minimize security issues.
- The compute layer secures access to virtual machines.
The _________ layer helps ensure that your products are secure and free of security vulnerabilities. At this layer, it’s important to:
- Ensure that your products are secure and free of vulnerabilities.
- Store sensitive secrets in a secure storage medium.
- Make security a design requirement for all development.
- The application layer helps ensure that applications are secure and free of security vulnerabilities. Integrating security into the application development lifecycle helps reduce the number of vulnerabilities introduced in code. Every development team should ensure that its applications are secure by default.
The _________ layer controls access to business and customer data that you need to protect.
The data layer controls access to business and customer data that you need to protect. In almost all cases, attackers are after data:
- Stored in a database.
- Stored on disk inside virtual machines.
- Stored in software as a service (SaaS) applications, such as Office 365.
- Managed through cloud storage.
Those who store and control access to data are responsible for ensuring that it’s properly secured. Often, regulatory requirements dictate the controls and processes that must be in place to ensure the confidentiality, integrity, and availability of the data.